WO 2005/064542                                                    PCT/KR2004/003456



Claims

[1] A network security system for permitting a trusted process using a firewall, the firewall protecting a corresponding network connection of a computer to a network by setting restrictions on information communicated between networks, comprising:

a port monitoring unit for extracting information about a server port being used through a network communication program;

an internal permitted program storage for extracting information about a program for which communication is permitted by the firewall, and registering the extracted information;

an internal permitted port storage for, if the port monitoring unit extracts the information about the server port being used by the program registered in the internal permitted program storage, registering the extracted information about the server port; and

a device for making the firewall flexible, determining whether a destination port of a packet of inbound traffic has been registered in the internal permitted port storage, and if the destination port has not been registered, transmitting the corresponding packet to the firewall, and if the destination port has been registered, allowing the corresponding packet to bypass the firewall.

[2] The network security system as set forth in claim 1, wherein the information about the program, which is extracted and registered in the internal permitted program storage, includes information about a program name, an entire path of the program, and a program Message Digest 5 (MD5) hash value.

[3] The network security system as set forth in claim 1, wherein the information about the server port, which is extracted and registered in the internal permitted port storage, includes information about an entire path of the program, a protocol, and a port.

[4] A network security method of permitting a trusted process using a firewall, the firewall protecting a corresponding network connection of a computer to a network by setting restrictions on information communicated between networks, comprising:

the first step of extracting information about a server port being used through a network communication program;

the second step of extracting information about a program for which communication is permitted by the firewall, and registering the extracted information in an internal permitted program storage;

the third step of, if information about the server port being used is extracted using the program registered in the internal permitted program storage at the first step, registering the information about the extracted server port in an internal permitted port storage;

the fourth step of determining whether a destination port of a packet of inbound traffic has been registered in the internal permitted port storage;

the fifth step of, if, as a result of the determination at the fourth step, the destination port has not been registered, transmitting the packet of inbound traffic to the firewall; and

the sixth step of, if, as a result of the determination at the fourth step, the destination port has been registered, allowing the corresponding packet to bypass the firewall.

[5] The network security method as set forth in claim 4, wherein, in the case of performing communication using Transmission Control Protocol (TCP), the first step extracts a listen port through hooking when a socket performs listen to operate as a server.

[6] The network security method as set forth in claim 4, wherein, in the case of communication using User Datagram Protocol (UDP), the first step extracts the server port by performing hooking in a user mode when a socket calls a relevant function to receive a packet.

[7] The network security method as set forth in claim 4, wherein the sixth step allows the corresponding packet to bypass the firewall by calling a hooked original function.

[8] The network security method as set forth in claim 4, wherein the information about the program, which is extracted and registered at the second step, includes information about a program name, an entire path of the program, and a program Message Digest 5 (MD5) hash value.

[9] The network security method as set forth in claim 4, wherein the information about the server port, which is extracted and registered at the third step, includes information about an entire path of the program, a protocol, and a port.

[10] A computer-readable recording medium for performing a network security method using a firewall, the medium storing a program for executing the method, the method comprising:

the first step of extracting information about a server port being used through a network communication program;

the second step of extracting information about a program for which communication is permitted by the firewall, and registering the extracted information in an internal permitted program storage;

the third step of, if information about the server port being used is extracted using the program registered in the internal permitted program storage at the first step, registering the information about the extracted server port in an internal permitted port storage;

the fourth step of determining whether a destination port of a packet of inbound traffic has been registered in the internal permitted port storage;

the fifth step of, if, as a result of the determination at the fourth step, the destination port has not been registered, transmitting the packet of inbound traffic to the firewall; and

the sixth step of, if, as a result of the determination at the fourth step, the destination port has been registered, allowing the corresponding packet to bypass the firewall.
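The six steps of claims 4 and 10 (with the record layouts of claims 2, 3, 8 and 9) describe one decision procedure, modelled below as an added example. This is not the patent's code: the class and method names (FlexibleFirewall, register_program, on_server_port, release_server_port, handle_inbound) are this example's own, the listen()/recvfrom() hooks of claims 5 and 6 are replaced by direct calls that pass in the calling program's path and image bytes, the conventional firewall is a plain policy callable, and the program images and ports are constructed sample data.

```python
"""Model of the trusted-process firewall bypass described in the claims.

Added example, not the patent's own code. All names here are assumed for
illustration; the hooks that would feed on_server_port in a real system
are replaced by direct calls.
"""
import hashlib
from dataclasses import dataclass
from typing import Callable, Dict, Set


@dataclass(frozen=True)
class ProgramEntry:
    """Claim 2 / 8: program name, entire path, and MD5 hash of the program image."""
    name: str
    path: str
    md5: str


@dataclass(frozen=True)
class PortEntry:
    """Claim 3 / 9: entire path of the program, protocol, and port."""
    path: str
    protocol: str  # "tcp" or "udp"
    port: int


class FlexibleFirewall:
    def __init__(self, firewall_policy: Callable[[str, int], bool]) -> None:
        # The conventional firewall: returns True if (protocol, port) is allowed inbound.
        self.firewall_policy = firewall_policy
        self.permitted_programs: Dict[str, ProgramEntry] = {}  # internal permitted program storage
        self.permitted_ports: Set[PortEntry] = set()           # internal permitted port storage

    # Second step: register a program for which the firewall permits communication.
    def register_program(self, name: str, path: str, image: bytes) -> ProgramEntry:
        entry = ProgramEntry(name, path, hashlib.md5(image).hexdigest())
        self.permitted_programs[path] = entry
        return entry

    def _is_permitted(self, path: str, image: bytes) -> bool:
        entry = self.permitted_programs.get(path)
        # Path alone is not enough: the image hash must also match, so a binary
        # swapped in at a trusted path does not inherit the bypass.
        return entry is not None and entry.md5 == hashlib.md5(image).hexdigest()

    # First and third steps: called from the listen() (TCP) or receive (UDP)
    # hook with the calling process's path and image. The port is registered
    # only when that program is in the permitted program storage.
    def on_server_port(self, path: str, image: bytes, protocol: str, port: int) -> bool:
        if not self._is_permitted(path, image):
            return False
        self.permitted_ports.add(PortEntry(path, protocol, port))
        return True

    # Assumed extension, not in the claims: forget the entry when the socket
    # closes, so a later untrusted process binding the same port is not bypassed.
    def release_server_port(self, path: str, protocol: str, port: int) -> None:
        self.permitted_ports.discard(PortEntry(path, protocol, port))

    # Fourth to sixth steps: inbound packet dispatch. Protocol is matched along
    # with the port, since claim 3 stores both.
    def handle_inbound(self, protocol: str, dst_port: int) -> str:
        if any(p.protocol == protocol and p.port == dst_port for p in self.permitted_ports):
            return "bypass"  # sixth step: hand the packet to the hooked original function
        # fifth step: not registered, so the ordinary firewall decides
        return "allow" if self.firewall_policy(protocol, dst_port) else "drop"


def demo() -> Dict[str, str]:
    """Constructed scenario: httpd is trusted, a rogue binary is not."""
    fw = FlexibleFirewall(lambda proto, port: proto == "tcp" and port == 80)
    httpd_image = b"\x7fELF-httpd-image"  # constructed stand-in for the file bytes
    fw.register_program("httpd", "/usr/sbin/httpd", httpd_image)

    fw.on_server_port("/usr/sbin/httpd", httpd_image, "tcp", 8080)          # registered
    fw.on_server_port("/tmp/rogue", b"\x7fELF-rogue", "tcp", 4444)           # ignored: not permitted
    fw.on_server_port("/usr/sbin/httpd", b"\x7fELF-tampered", "udp", 5353)  # ignored: hash mismatch

    return {
        "tcp/8080": fw.handle_inbound("tcp", 8080),  # bypass: registered by a permitted program
        "tcp/80": fw.handle_inbound("tcp", 80),      # allow: the firewall policy permits it
        "tcp/4444": fw.handle_inbound("tcp", 4444),  # drop: never registered, policy denies
        "udp/8080": fw.handle_inbound("udp", 8080),  # drop: the entry is tcp, not udp
    }


if __name__ == "__main__":
    for key, decision in demo().items():
        print(key, decision)
```

Two caveats a practitioner would weigh before relying on this design: the claims identify the program by an MD5 hash, and MD5 collisions are practical, so a SHA-256 (or a code-signing check) is the appropriate identity for a permitted program today; and the UDP hook of claim 6 runs in user mode, where a process that issues the socket system calls directly never passes through it, so the port store can only be as trustworthy as the hook's placement.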



